Communities
Filtering information based on the IP prefix can become tedious in large networks because of the number of potential routes. There is a way to overcome this, and it's known as communities. A community is a group of destinations that have some common attribute. Destinations can be added to a community by setting their COMMUNITY attribute. Routing policies can then be enforced by using the COMMUNITY attribute to affect routing decisions.

Destinations can be grouped into a single community or multiple communities regardless of their physical location and autonomous system. By default, all routes belong to the Internet, a well-known community.

There are other well-known communities, besides the Internet, that a destination can belong to:

NO_EXPORT—A route belonging to this community will not be advertised to an eBGP peer. This includes member-ASs within a confederated AS.

NO_ADVERTISE—A route belonging to this community will not be advertised to any BGP peer, whether it's iBGP or eBGP.

LOCAL_AS—This community was first introduced in Cisco IOS 12.0. Routes belonging to this community will be advertised to other mini-ASs belonging to the same confederation. The routes are not advertised outside of the confederation.

Internet—This is the default community all BGP speakers belong to. No type of route filtering is used.

In order to add a route to a community, you need to create a route map and use the set community command to add the route to the community. This can occur for routes being advertised to the BGP speaker from a peer, routes being advertised from the BGP speaker to a peer, and routes being redistributed into BGP.

For example, we want to add route 192.168.200.0/24 to community 200, and we want to add all other routes to the NO_EXPORT community. EIGRP 100 is redistributing the routes into BGP. This is the configuration that needs to occur:

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 1 permit 192.168.200.0 0.0.0.255
R2(config)#route-map COMMUNITY1 permit 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#set community 200
R2(config-route-map)#route-map COMMUNITY1 permit 20
R2(config-route-map)#set community no-export
R2(config-route-map)#exit
R2(config)#router bgp 200
R2(config-router)#neighbor 3.3.3.3 route-map COMMUNITY1 in
R2(config-router)#^Z
R2#

If community 200 already existed, the keyword additive would have needed to be added to the end of the set community command. In order to remove routes from a community, the command set community none would need to be used.

The previously mentioned commands will not fully configure a community. The COMMUNITY attribute is stripped from outgoing BGP updates. In order to enable the propagation of community information to a peer, the following command needs to be entered in BGP configuration mode:

neighbor peer-address send-community

peer-address - the address used by a BGP peer for the BGP session.

Once communities have been configured for a network, you can use the communities to filter and manipulate the routes belonging to the community. In order to accomplish this, you first need to create a community list. The community list contains all of the communities that you want the policy to affect. In order to create a community list, use the following command in global configuration mode:

ip community-list number {permit | deny} community-number

number - the number of the community list. For a standard community list it will be from 1–99. For an extended community list it will be from 100–500. We will only look at standard.

community-number - one or more community numbers configured by the set community command. If entering multiple communities, separate them with a space.

Once you have created your community list, you can then use it within a route map. In order to use a community list to perform the matches for a route map, you need to use the match community number command within the route map, where the number is the community list number.

In the real world, you need to check with your ISP to ensure that they will accept communities.
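
One way to put the community list and match community steps together on R2, as an added example that is not part of the original text: it advertises only the routes tagged with community 200 to one peer and keeps the COMMUNITY attribute on those updates. The peer address 4.4.4.4, AS 400 and the route map name ONLY200 are constructed values for illustration.

```cisco
! Added example; assumes the COMMUNITY1 inbound policy shown earlier is already on R2.
! Peer 4.4.4.4, AS 400 and the name ONLY200 are constructed values.
!
! Standard community list 1 matches routes that carry community 200.
ip community-list 1 permit 200
!
! Sequence 10 permits only the routes matched by community list 1.
! There is no further sequence, so every other route falls through to the
! route map's implicit deny and is not advertised to the peer.
route-map ONLY200 permit 10
 match community 1
!
router bgp 200
 neighbor 4.4.4.4 remote-as 400
 ! Without this line the COMMUNITY attribute is stripped from updates to 4.4.4.4.
 neighbor 4.4.4.4 send-community
 ! Apply the community-based filter to updates sent to this peer.
 neighbor 4.4.4.4 route-map ONLY200 out
```

Running show ip bgp community 200 on R2 lists the routes that currently carry community 200, which is the set this policy will advertise.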